March 08, 2011, 1:17 PM — In 2009, European security agencies estimated that a botnet assembled using the Torpig malware program formed an army 1,200,000 client computers strong, lurking in the darkness, waiting to steal bank account and credit card data from its victims.
After researchers took over the botnet for 10 days, they were able to count the infected machines by the unique identifiers the botnet itself used, rather than by the IP addresses used to extrapolate the original number of 1.2 million.
The real number was 180,000 machines, which was still plenty to make it a big player in what has become a $10 billion per year criminal industry.
Not that a botnet with 180,000 slaved PCs launching spam, DDoS or other attacks wouldn't normally be considered a big risk; it's just that security agencies in the U.S. and Europe focus most of their time, and spend the bulk of their hundreds of millions of budget dollars, on big numbers, not necessarily on the most imminent threats, according to a pair of reports due to be published tomorrow by the European Union's IT security agency.
Most agencies count IP addresses and from there estimate how many bots are likely to still be infected and available at any given time.
That looks good on paper, but overestimates the numbers and risk, which is an advantage for agencies fighting with other government agencies for budgets and authority, according to the European Network and Information Security Agency (ENISA).
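The gap between the two counting methods can be reproduced on sinkhole-style check-in records. The following is an added example, not code from the researchers or from ENISA; the log layout (`day src_ip bot_id`), the bot names and the addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sinkhole check-in records: "day src_ip bot_id". The field layout
# and every value are invented for illustration (IPs are RFC 5737 test ranges).
SAMPLE_LOG = """\
1 192.0.2.10 bot-a
1 198.51.100.7 bot-b
1 198.51.100.7 bot-c
2 192.0.2.44 bot-a
2 198.51.100.7 bot-b
3 203.0.113.5 bot-a
3 203.0.113.9 bot-d
3 198.51.100.7 bot-c
"""

def parse(log):
    """Yield (day, ip, bot_id) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2]

def estimate(log):
    """Compare IP-based and identifier-based population estimates."""
    ips, ids = set(), set()
    ips_per_bot = defaultdict(set)   # address churn: one bot seen on many IPs
    bots_per_ip = defaultdict(set)   # NAT/proxy: many bots behind one IP
    for _day, ip, bot in parse(log):
        ips.add(ip)
        ids.add(bot)
        ips_per_bot[bot].add(ip)
        bots_per_ip[ip].add(bot)
    return {
        "unique_ips": len(ips),
        "unique_bots": len(ids),
        "ip_overcount_ratio": len(ips) / len(ids) if ids else 0.0,
        "churning_bots": sorted(b for b, s in ips_per_bot.items() if len(s) > 1),
        "shared_ips": sorted(i for i, s in bots_per_ip.items() if len(s) > 1),
    }

if __name__ == "__main__":
    for key, value in estimate(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Address churn inflates the IP count while shared addresses deflate it, so the two errors only partly cancel and the per-identifier count is the one to trust when the malware exposes a stable identifier.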
By one estimate, the botnet the hacktivist group Anonymous used to take down Visa's site used fewer than 1,000 client machines, according to Giles Hogben, an expert program manager for security applications and service for ENISA.
The intentions and financial backing of botnet creators have changed over the years as organized crime took over from hacktivists, online anarchists and showoffs who built botnets to further their personal goals.
The money behind them is better and the programming efforts are more serious, while the ISPs through which they infect their victims remain marginal players, often with inadequate security, the reports concluded.
Malware, in other words, is a lot smarter and more effective than most of the countermeasures (if any) arrayed against it.